Sample details: 85aeb55f336ecbbc502cd83f3d2ecd0d

Hashes
MD5: 85aeb55f336ecbbc502cd83f3d2ecd0d
SHA1: e9bfe019393eb5776272f7b76d4193693fc6ae07
SHA256: 1b9a641035080abb59678c744d5b847be18655b8242071a8e2ea0a03316b6f5f
SSDEEP: 768:DZZAkP9soLX6RcX+zNDCIPIa+++++++++++++++++++7++++28fe8eqGK:DjJOWX6Ry+zUa++++++++++++++++++o
Details
File Type: PE32+
Added: 2019-05-04 16:42:52
Yara Hits
YRP/Microsoft_Visual_Cpp_80_DLL | YRP/IsPE64 | YRP/IsWindowsGUI | YRP/HasOverlay | YRP/HasDigitalSignature | YRP/domain | YRP/IP | YRP/contentis_base64 | YRP/network_tcp_socket | YRP/network_dns | YRP/win_mutex | YRP/Str_Win32_Winsock2_Library | FlorianRoth/DragonFly_APT_Sep17_3
Source
http://104.248.10.33/phev_x64_heapalloc.exe.exe
Strings